From 4c5255f5ad587b13644c6a38e9d9ef3c0ef9852f Mon Sep 17 00:00:00 2001
From: Unknwon
Date: Tue, 14 Feb 2017 03:52:20 -0500
Subject: cookie: enhance cookie security (#3525)
---
 routers/user/auth.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'routers/user')
diff --git a/routers/user/auth.go b/routers/user/auth.go
index 88ad055f..45ec1156 100644
--- a/routers/user/auth.go
+++ b/routers/user/auth.go
@@ -123,8 +123,8 @@ func SignInPost(ctx *context.Context, form auth.SignInForm) {
 if form.Remember {
 days := 86400 * setting.LogInRememberDays
- ctx.SetCookie(setting.CookieUserName, u.Name, days, setting.AppSubUrl)
- ctx.SetSuperSecureCookie(u.Rands+u.Passwd, setting.CookieRememberName, u.Name, days, setting.AppSubUrl)
+ ctx.SetCookie(setting.CookieUserName, u.Name, days, setting.AppSubUrl, "", setting.CookieSecure, true)
+ ctx.SetSuperSecureCookie(u.Rands+u.Passwd, setting.CookieRememberName, u.Name, days, setting.AppSubUrl, "", setting.CookieSecure, true)
 }
 ctx.Session.Set("uid", u.ID)
-- cgit v1.2.3
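Review bot: The Secure attribute on both cookies in the `if form.Remember` branch is only as strong as `setting.CookieSecure`, whose default is not visible in this hunk; if it defaults to false, an HTTPS deployment keeps sending the remember-me cookie over plain HTTP until the operator opts in, so the default is worth checking (or deriving from the configured URL scheme). The trailing positional arguments `"", setting.CookieSecure, true` are hard to audit at a glance; a comment such as `// trailing args: domain (empty), Secure, HttpOnly` above the two calls would help, assuming that is the order the cookie helper expects. Any other code that sets or clears these two cookies lies outside this diff and should pass the same attributes so the flags stay consistent. SignInPost's body starts and ends outside the hunk.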